{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-020.pdf"
    },
    "title": "Critical Vulnerability in Zoom Products",
    "serial_number": "2024-020",
    "publish_date": "15-02-2024 09:15:27",
    "description": "On February 13, 2024, Zoom released a security advisory addressing one critical vulnerability. If exploited, this vulnerability allows an unauthenticated attacker to conduct privilege escalation on the target system via network access.<br>\nIt is recommended to apply updates as soon as possible.<br>\n",
    "url_title": "2024-020",
    "content_markdown": "---\ntitle: 'Critical Vulnerability in Zoom Products'\nnumber: '2024-020'\nversion: '1.0'\noriginal_date: 'February 13, 2024'\ndate: 'February 15, 2024'\n---\n\n_History:_\n\n* _15/02/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn February 13, 2024, Zoom released a security advisory [1] addressing one critical vulnerability. If exploited, this vulnerability allows an unauthenticated attacker to conduct privilege escalation on the target system via network access.\n\nIt is recommended to apply updates as soon as possible [2].\n\n# Technical Details\n\nThe vulnerability `CVE-2024-24691`, with a CVSS score of 9.6, is due to an improper input validation flaw that could allow an unauthenticated attacker to conduct privilege escalation on the target system over the network.\n\n# Affected Products\n\nThis vulnerability impacts the following products:\n\n- Zoom Desktop Client for Windows before version 5.16.5\n- Zoom VDI Client for Windows before version 5.16.10 (excluding 5.14.14 and 5.15.12)\n- Zoom Rooms Client for Windows before version 5.17.0\n- Zoom Meeting SDK for Windows before version 5.16.5\n\n# Recommendations\n\nIt is recommended to apply updates as soon as possible [2].\n\n# References\n\n[1] <https://www.zoom.com/en/trust/security-bulletin/ZSB-24008/>\n\n[2] <https://zoom.us/download>",
    "content_html": "<p><em>History:</em></p><ul><li><em>15/02/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On February 13, 2024, Zoom released a security advisory [1] addressing one critical vulnerability. If exploited, this vulnerability allows an unauthenticated attacker to conduct privilege escalation on the target system via network access.</p><p>It is recommended to apply updates as soon as possible [2].</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <code>CVE-2024-24691</code>, with a CVSS score of 9.6, is due to an improper input validation flaw that could allow an unauthenticated attacker to conduct privilege escalation on the target system over the network.</p><h2 id=\"affected-products\">Affected Products</h2><p>This vulnerability impacts the following products:</p><ul><li>Zoom Desktop Client for Windows before version 5.16.5</li><li>Zoom VDI Client for Windows before version 5.16.10 (excluding 5.14.14 and 5.15.12)</li><li>Zoom Rooms Client for Windows before version 5.17.0</li><li>Zoom Meeting SDK for Windows before version 5.16.5</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>It is recommended to apply updates as soon as possible [2].</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.zoom.com/en/trust/security-bulletin/ZSB-24008/\">https://www.zoom.com/en/trust/security-bulletin/ZSB-24008/</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://zoom.us/download\">https://zoom.us/download</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}